Several extensions offer functionality through select that may pose a security risk if used in an environment that allows arbitrary queries.
These extensions should be flagged as potential risks in their documentation.
For example, fileio operations could permit arbitrary access to the file system. env operations could allow access to private information such as secret values set using environment variables.
While accessing these extensions requires that they be explicitly loaded, a naive client app may do so without consideration of the potential security risks. A prominent warning in the documentation may be a suitable safety measure, though other precautions may be warranted.
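One precaution beyond a documentation warning, shown as an added example (not code from this project): an application that accepts arbitrary queries can install a SQLite authorizer that only permits allow-listed SQL functions. `demo_env_get` is a hypothetical stand-in for an extension function that reads environment variables, and the table, allow-list and secret value are constructed for the demo.

```python
import os
import sqlite3

# Allow-list of SQL functions that untrusted queries may call (constructed for this demo).
ALLOWED_FUNCTIONS = {"upper", "length", "count"}


def authorizer(action, arg1, arg2, db_name, source):
    """Read-only policy: SELECT/READ allowed, functions only if allow-listed."""
    if action == sqlite3.SQLITE_FUNCTION:
        # For SQLITE_FUNCTION, arg2 carries the function name.
        ok = arg2 is not None and arg2.lower() in ALLOWED_FUNCTIONS
        return sqlite3.SQLITE_OK if ok else sqlite3.SQLITE_DENY
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # writes, ATTACH, PRAGMA, etc.


def open_db(sandboxed):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice')")
    conn.commit()
    # Hypothetical stand-in for an extension function that reads the environment.
    conn.create_function("demo_env_get", 1, lambda key: os.environ.get(key))
    if sandboxed:
        conn.set_authorizer(authorizer)
    return conn


def try_query(conn, sql):
    """Run caller-supplied SQL; return ('ok', rows) or ('denied', message)."""
    try:
        return "ok", conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return "denied", str(exc)


if __name__ == "__main__":
    os.environ["DEMO_SECRET"] = "constructed-value"  # constructed sample secret
    leak = "SELECT demo_env_get('DEMO_SECRET')"
    print(try_query(open_db(sandboxed=False), leak))
    print(try_query(open_db(sandboxed=True), leak))
    print(try_query(open_db(sandboxed=True), "SELECT upper(name) FROM users"))
```

The authorizer rejects the statement when it is prepared, so the denied function never runs.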